Back Door

Part of a software development (website, web app etc.) that is left open for update purposes but can also be used by hackers or bots.


A bot, or robot, is a technology that is developed to perform an automated task. Malicious bots can be used to bombard websites or other applications multiple times per second to try and over-ride the security gateways.

Botnet – Robot Network

A network of linked computers that have been infected with malicious software. These computers then send out spam/viruses denial of service commands to the computers.


Also known as hacking – malicious or criminal hacking of computers/web applications.

Data Diddling

Can be known as false data entry, is the unauthorised editing of information whilst being entered into a computer. Examples of data diddling include counterfeiting, alterations to security clearance, changing grades or credit ratings.

Data Leakage

Also known as data loss. Usually unapproved and sometimes illegal loss of information that is transferred elsewhere. This could be due to physical removal (USB sticks/CDs, printouts), memorised information through to data hiding (within digital images for example).

Denial of Service – (DoS)

A DoS attack is a purposeful blocking or flooding of an internet service with useless traffic. The ill intended gains from such activity could be blackmail or fraud – e.g. blocking access to banking systems for credit card fraud.

Distributed DoS

Using a larger multiple network of computers to launch a DoS.

DNS Cache Poisoning

Also known as DNS (Domain Name System) Spoofing. The practise is the corruption of the server domain name and replacing it with another IP address. Once redirected to the fraudulent IP address, malware/viruses can then infect this computer.

Easter Egg

An illegitimate and unexpected function within a computer programme. Called an Easter Egg as they can be hard to find.


A way of manipulating a weakness or vulnerability in a computer programme or script. The end result being that the system is taken control of by a third party.


Also known as cracking. Malicious interference of web applications/computers for example – password breaking, code injections. Hacking can be carried out for various reasons ranging from financial to political.


Hacking that is predominantly done for political reasons.

Identity Theft

Fraudulently using someone else’s personal details for illegal gains, usually financial. Personal details that are used can include NI Numbers, birth date, address etc.


Pretending to be another person, usually for fraudulent reasons.


The time period from when a virus or malware embeds itself into an application/computer until it becomes active. During the latency period the virus can remain inactive and hidden or can be programmed to re-produce.

Logic Bomb – also known as Slag Code or Trojan Horse

A common form of virus that becomes active when certain conditions are met – i.e. a time lapse, pressing a keyboard combination, or responding to a computer command. Once the action occurs, the script within the bomb is activated.

Mail Bombing

A type of denial of service. The sending of huge volumes of email to overwhelm a mail server.


An abbreviation of malicious software and an umbrella term for viruses, spyware, Trojan horses etc. Software (a script or computer programme) that is set-up to disrupt or ruin a computer system.

Master Programme

The lead or centralised programme that controls the DoS or distributed DoS attacks.


Hacking into networks or Wi-Fi to gain unauthorised access. Encrypted gateways and passwords help reduce the risk of Piggybacking.


Similar to DNS cache poisoning. A scamming practice using malicious code to re-direct users to dishonest or fake websites without their knowledge.


Unofficial telephone calls, emails or websites that trap users into giving out personal information/financial information/passwords. The data is then used for financial or identity fraud. Phishing emails often contain a link that needs to be clicked or an attachment to be opened. Spear Phishing can take the form of an email that appears to be from someone you know, giving a false sense of security that it is an authorised request for personal information or passwords.

Root Kit

A pack of tools or code that once maliciously installed on a computer allows the hacker to gain access to passwords, change access permissions and monitor the computer secretly without being detected.


Deliberate malicious attacks on computer systems to cause damage and disruption. Reasons for sabotage include financial, espionage or political.

Salami Theft/Slicing – also known as Penny Shaving

The process of using small fraudulent activities, usually for financial gains, that accumulate into larger scale theft. The smaller scale thefts are often undetected until it’s too late.


Using discarded data, back-up tapes or copies of old files to try and find data that could be valuable for illegal purposes. The data could be sensitive data such as passwords, personal details, confidential client data or code files.


Generally speaking, a line of code that enables a particular action. When used for illegal or criminal activity, the script can be written for virus activation for example. Scripts can also inject code to steal data or disrupt service.


The process of covert online activity to mask fraudulent activity. For example, transactions, credit card fraud etc.


Sending unauthorised/unrequested or unsolicited emails offering services or goods. Usually sent in huge volume and can often include Phishing links.


Spam Over Instant Messaging – through texting.


Spam over internet telephony.


Another type of cyber-crime linked to Phishing and Pharming. A hacker pretends to be the authorised user and attempts to access sensitive or financial information.


Using scripts/code that enable the over-riding of normal security controls, therefore enabling access to sensitive data.

Time Bomb

Similar to Latency and logic bombs/Trojan horses. Software programmes that are set to activate after a specific time-frame. May be used by unhappy ex-employees to release information or passwords.

Trojan Horse

A seemingly innocent computer programme (or malware) but in reality, downloads viruses on the computer.


Deliberate and unauthorised destruction of data/networks/computer systems.


Premeditated code that will multiply and spread through a computer or network causing destruction of data or financial loss. Viruses can also change normal computer functions into Trojan horse viruses.


An inherent weakness of a piece of software or operating system that allows hackers to gain access to the system. See Back Door above.


Unauthorised listening or monitoring of data or voice transmissions. Usually for fraudulent financial or political gain.


Similar to a virus. Can reproduce, but does not alter executable files. Worms tend to sit in the background and can go unnoticed until the computer starts slowing down or malfunctioning.


A programme that is used to access another computer and lays dormant until instructed to activate.

You might like to read

Regulatory Umbrella Services

Regulatory Incubation Services

AIFM Solutions Services